org.bouncycastle.bcpg.HashAlgorithmTags Java Examples

The following examples show how to use org.bouncycastle.bcpg.HashAlgorithmTags. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KeySerializer.java    From nomulus with Apache License 2.0 6 votes vote down vote up
/**
 * Serialize a PGPKeyPair
 *
 * <p>Use this to serialize a PGPPrivateKey as well (pairing it with the corresponding
 * PGPPublicKey), as private keys can't be serialized on their own.
 */
public static byte[] serializeKeyPair(PGPKeyPair keyPair) throws IOException, PGPException {
  try (ByteArrayOutputStream byteStream = new ByteArrayOutputStream()) {
    // NOTE: We have to close the ArmoredOutputStream before calling the underlying OutputStream's
    // "toByteArray". Failing to do so would result in a truncated serialization as we took the
    // byte array before the ArmoredOutputStream wrote all the data.
    //
    // Even "flushing" the ArmoredOutputStream isn't enough - as there are parts that are only
    // written by the ArmoredOutputStream when it is closed: the "-----END PGP PRIVATE KEY
    // BLOCK-----" (or similar) footer.
    try (ArmoredOutputStream out = new ArmoredOutputStream(byteStream)) {
      new PGPSecretKey(
          keyPair.getPrivateKey(),
          keyPair.getPublicKey(),
          new JcaPGPDigestCalculatorProviderBuilder()
              .setProvider("BC")
              .build()
              .get(HashAlgorithmTags.SHA256),
          true,
          null).encode(out);
    }
    return byteStream.toByteArray();
  }
}
 
Example #2
Source File: PGPSignatureUtilsTest.java    From pgpverify-maven-plugin with Apache License 2.0 6 votes vote down vote up
@DataProvider(name = "provider-signature-hash-algorithms")
public Object[][] providerSignatureHashAlgorithms() {
    return new Object[][]{
            {HashAlgorithmTags.MD5, false},
            {HashAlgorithmTags.SHA1, true},
            {HashAlgorithmTags.RIPEMD160, true},
            {HashAlgorithmTags.DOUBLE_SHA, false},
            {HashAlgorithmTags.MD2, false},
            {HashAlgorithmTags.TIGER_192, false},
            {HashAlgorithmTags.HAVAL_5_160, false},
            {HashAlgorithmTags.SHA256, true},
            {HashAlgorithmTags.SHA384, true},
            {HashAlgorithmTags.SHA512, true},
            {HashAlgorithmTags.SHA224, false}
    };
}
 
Example #3
Source File: PGPUtils.java    From desktopclient-java with GNU General Public License v3.0 6 votes vote down vote up
public static PGPSecretKeyRing copySecretKeyRingWithNewPassword(byte[] privateKeyData,
        char[] oldPassphrase, char[] newPassphrase) throws PGPException, IOException, KonException {

    // load the secret key ring
    PGPSecretKeyRing secRing = new PGPSecretKeyRing(privateKeyData, FP_CALC);

    PGPDigestCalculatorProvider calcProv = new JcaPGPDigestCalculatorProviderBuilder().build();
    PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder(calcProv)
        .setProvider(PGPUtils.PROVIDER)
        .build(oldPassphrase);

    PGPDigestCalculator calc = new JcaPGPDigestCalculatorProviderBuilder().build().get(HashAlgorithmTags.SHA256);
    PBESecretKeyEncryptor encryptor = new JcePBESecretKeyEncryptorBuilder(PGPEncryptedData.AES_256, calc)
        .setProvider(PROVIDER).build(newPassphrase);

    try {
        return PGPSecretKeyRing.copyWithNewPassword(secRing, decryptor, encryptor);
    } catch (PGPException ex) {
        // treat this special, cause most like the decryption password was wrong
        throw new KonException(KonException.Error.CHANGE_PASS_COPY, ex);
    }
}
 
Example #4
Source File: PGPEncryptionUtil.java    From peer-os with Apache License 2.0 5 votes vote down vote up
public static byte[] signAndEncrypt( final byte[] message, final PGPSecretKey secretKey, final String secretPwd,
                                     final PGPPublicKey publicKey, final boolean armored ) throws PGPException
{
    try
    {
        final ByteArrayOutputStream out = new ByteArrayOutputStream();
        final PGPEncryptedDataGenerator encryptedDataGenerator = new PGPEncryptedDataGenerator(
                new JcePGPDataEncryptorBuilder( SymmetricKeyAlgorithmTags.AES_256 ).setWithIntegrityPacket( true )
                                                                                   .setSecureRandom(
                                                                                           new SecureRandom() )
                                                                                   .setProvider( provider ) );

        encryptedDataGenerator.addMethod(
                new JcePublicKeyKeyEncryptionMethodGenerator( publicKey ).setSecureRandom( new SecureRandom() )
                                                                         .setProvider( provider ) );

        final OutputStream theOut = armored ? new ArmoredOutputStream( out ) : out;
        final OutputStream encryptedOut = encryptedDataGenerator.open( theOut, new byte[4096] );

        final PGPCompressedDataGenerator compressedDataGenerator =
                new PGPCompressedDataGenerator( CompressionAlgorithmTags.ZIP );
        final OutputStream compressedOut = compressedDataGenerator.open( encryptedOut, new byte[4096] );
        final PGPPrivateKey privateKey = secretKey.extractPrivateKey(
                new JcePBESecretKeyDecryptorBuilder().setProvider( provider ).build( secretPwd.toCharArray() ) );
        final PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
                new JcaPGPContentSignerBuilder( secretKey.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1 )
                        .setProvider( provider ) );
        signatureGenerator.init( PGPSignature.BINARY_DOCUMENT, privateKey );
        final Iterator<?> it = secretKey.getPublicKey().getUserIDs();
        if ( it.hasNext() )
        {
            final PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
            spGen.setSignerUserID( false, ( String ) it.next() );
            signatureGenerator.setHashedSubpackets( spGen.generate() );
        }
        signatureGenerator.generateOnePassVersion( false ).encode( compressedOut );
        final PGPLiteralDataGenerator literalDataGenerator = new PGPLiteralDataGenerator();
        final OutputStream literalOut = literalDataGenerator
                .open( compressedOut, PGPLiteralData.BINARY, "filename", new Date(), new byte[4096] );
        final InputStream in = new ByteArrayInputStream( message );
        final byte[] buf = new byte[4096];
        for ( int len; ( len = in.read( buf ) ) > 0; )
        {
            literalOut.write( buf, 0, len );
            signatureGenerator.update( buf, 0, len );
        }
        in.close();
        literalDataGenerator.close();
        signatureGenerator.generate().encode( compressedOut );
        compressedDataGenerator.close();
        encryptedDataGenerator.close();
        theOut.close();
        return out.toByteArray();
    }
    catch ( Exception e )
    {
        throw new PGPException( "Error in signAndEncrypt", e );
    }
}
 
Example #5
Source File: PGPSignatureUtils.java    From pgpverify-maven-plugin with Apache License 2.0 5 votes vote down vote up
/**
 * Check PGP signature for bad algorithms.
 *
 * @param signature PGP signature instance
 *
 * @return Returns null if no bad algorithms used, or algorithm name if used.
 */
public static String checkWeakHashAlgorithm(PGPSignature signature) {
    switch (signature.getHashAlgorithm()) {
        case HashAlgorithmTags.MD5:
            return "MD5";
        case HashAlgorithmTags.DOUBLE_SHA:
            return "double-width SHA";
        case HashAlgorithmTags.MD2:
            return "MD2";
        case HashAlgorithmTags.TIGER_192:
            return "TIGER/192";
        case HashAlgorithmTags.HAVAL_5_160:
            return "HAVAL (5 pass, 160-bit)";
        case HashAlgorithmTags.SHA224:
            return "SHA-224";
        case HashAlgorithmTags.SHA1:
            // fallthrough
        case HashAlgorithmTags.RIPEMD160:
            // fallthrough
        case HashAlgorithmTags.SHA256:
            // fallthrough
        case HashAlgorithmTags.SHA384:
            // fallthrough
        case HashAlgorithmTags.SHA512:
            return null;
        default:
            throw new UnsupportedOperationException("Unknown hash algorithm value encountered: "
                    + signature.getHashAlgorithm());
    }
}
 
Example #6
Source File: KeyGeneratorServicePgpImpl.java    From pgptool with GNU General Public License v3.0 4 votes vote down vote up
protected final static int hashAlgorithmNameToTag(String algorithmName) {
	return getStaticFieldValue(algorithmName, HashAlgorithmTags.class);
}
 
Example #7
Source File: PGPEncryptionUtil.java    From peer-os with Apache License 2.0 4 votes vote down vote up
private static PGPKeyRingGenerator generateKeyRingGenerator( String id, char[] pass, int s2kcount, int keySize,
                                                             KeyPair keyPair ) throws PGPException
{
    // This object generates individual key-pairs.
    RSAKeyPairGenerator kpg = new RSAKeyPairGenerator();

    // Boilerplate RSA parameters, no need to change anything
    // except for the RSA key-size (2048). You can use whatever
    // key-size makes sense for you -- 4096, etc.
    kpg.init( new RSAKeyGenerationParameters( BigInteger.valueOf( 0x10001 ), new SecureRandom(), keySize, 12 ) );

    // First create the master (signing) key with the generator.
    PGPKeyPair rsakp_sign = new BcPGPKeyPair( PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date() );
    // Then an encryption subkey.
    PGPKeyPair rsakp_enc = new BcPGPKeyPair( PGPPublicKey.RSA_GENERAL, kpg.generateKeyPair(), new Date() );

    keyPair.setPrimaryKeyId( Long.toHexString( rsakp_sign.getKeyID() ) );
    keyPair.setPrimaryKeyFingerprint( BytesToHex( rsakp_sign.getPublicKey().getFingerprint() ) );
    keyPair.setSubKeyId( Long.toHexString( rsakp_enc.getKeyID() ) );
    keyPair.setSubKeyFingerprint( BytesToHex( rsakp_enc.getPublicKey().getFingerprint() ) );

    // Add a self-signature on the id
    PGPSignatureSubpacketGenerator signhashgen = new PGPSignatureSubpacketGenerator();

    // Add signed metadata on the signature.
    // 1) Declare its purpose
    signhashgen.setKeyFlags( false, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER );
    // 2) Set preferences for secondary crypto algorithms to use
    //    when sending messages to this key.
    signhashgen.setPreferredSymmetricAlgorithms( false, new int[] {
            SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192, SymmetricKeyAlgorithmTags.AES_128,
            SymmetricKeyAlgorithmTags.CAST5, SymmetricKeyAlgorithmTags.TRIPLE_DES
    } );
    signhashgen.setPreferredHashAlgorithms( false, new int[] {
            HashAlgorithmTags.SHA256, HashAlgorithmTags.SHA1, HashAlgorithmTags.SHA384, HashAlgorithmTags.SHA512,
            HashAlgorithmTags.SHA224,
    } );
    signhashgen.setPreferredCompressionAlgorithms( false, new int[] {
            CompressionAlgorithmTags.ZLIB, CompressionAlgorithmTags.BZIP2, CompressionAlgorithmTags.ZIP
    } );
    // 3) Request senders add additional checksums to the
    //    message (useful when verifying unsigned messages.)
    signhashgen.setFeature( false, Features.FEATURE_MODIFICATION_DETECTION );

    // Create a signature on the encryption subkey.
    PGPSignatureSubpacketGenerator enchashgen = new PGPSignatureSubpacketGenerator();
    // Add metadata to declare its purpose
    enchashgen.setKeyFlags( false, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE );

    // Objects used to encrypt the secret key.
    PGPDigestCalculator sha1Calc = new BcPGPDigestCalculatorProvider().get( HashAlgorithmTags.SHA1 );

    // bcpg 1.48 exposes this API that includes s2kcount. Earlier
    // versions use a default of 0x60.
    PBESecretKeyEncryptor pske =
            ( new BcPBESecretKeyEncryptorBuilder( PGPEncryptedData.CAST5, sha1Calc, s2kcount ) ).build( pass );
    // Finally, create the keyring itself. The constructor
    // takes parameters that allow it to generate the self
    // signature.
    PGPKeyRingGenerator keyRingGen =
            new PGPKeyRingGenerator( PGPSignature.POSITIVE_CERTIFICATION, rsakp_sign, id, sha1Calc,
                    signhashgen.generate(), null,
                    new BcPGPContentSignerBuilder( rsakp_sign.getPublicKey().getAlgorithm(),
                            HashAlgorithmTags.SHA1 ), pske );

    // Add our encryption subkey, together with its signature.
    keyRingGen.addSubKey( rsakp_enc, enchashgen.generate(), null );
    return keyRingGen;
}
 
Example #8
Source File: AbstractSecretKeySigningService.java    From packagedrone with Eclipse Public License 1.0 4 votes vote down vote up
@Override
public OutputStream signingStream ( final OutputStream stream, final boolean inline )
{
    return new SigningStream ( stream, this.privateKey, HashAlgorithmTags.SHA1, inline, VersionInformation.VERSIONED_PRODUCT );
}
 
Example #9
Source File: AbstractSecretKeySigningService.java    From packagedrone with Eclipse Public License 1.0 4 votes vote down vote up
@Override
public void sign ( final InputStream in, final OutputStream out, final boolean inline ) throws Exception
{
    final int digest = HashAlgorithmTags.SHA1;
    final PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator ( new BcPGPContentSignerBuilder ( this.privateKey.getPublicKeyPacket ().getAlgorithm (), digest ) );

    if ( inline )
    {
        signatureGenerator.init ( PGPSignature.CANONICAL_TEXT_DOCUMENT, this.privateKey );
    }
    else
    {
        signatureGenerator.init ( PGPSignature.BINARY_DOCUMENT, this.privateKey );
    }

    final ArmoredOutputStream armoredOutput = new ArmoredOutputStream ( out );
    armoredOutput.setHeader ( "Version", VersionInformation.VERSIONED_PRODUCT );

    if ( inline )
    {
        armoredOutput.beginClearText ( digest );

        final LineNumberReader lnr = new LineNumberReader ( new InputStreamReader ( in, StandardCharsets.UTF_8 ) );

        String line;
        while ( ( line = lnr.readLine () ) != null )
        {
            if ( lnr.getLineNumber () > 1 )
            {
                signatureGenerator.update ( NL_DATA );
            }

            final byte[] data = trimTrailing ( line ).getBytes ( StandardCharsets.UTF_8 );

            if ( inline )
            {
                armoredOutput.write ( data );
                armoredOutput.write ( NL_DATA );
            }
            signatureGenerator.update ( data );
        }

        armoredOutput.endClearText ();
    }
    else
    {

        final byte[] buffer = new byte[4096];
        int rc;
        while ( ( rc = in.read ( buffer ) ) >= 0 )
        {
            signatureGenerator.update ( buffer, 0, rc );
        }
    }

    final PGPSignature signature = signatureGenerator.generate ();
    signature.encode ( new BCPGOutputStream ( armoredOutput ) );

    armoredOutput.close ();
}
 
Example #10
Source File: RsaHeaderSignatureProcessor.java    From packagedrone with Eclipse Public License 1.0 4 votes vote down vote up
public RsaHeaderSignatureProcessor ( final PGPPrivateKey privateKey )
{
    this ( privateKey, HashAlgorithmTags.SHA1 );
}
 
Example #11
Source File: RepositoryCreator.java    From packagedrone with Eclipse Public License 1.0 4 votes vote down vote up
public Builder setSigning ( final PGPPrivateKey privateKey )
{
    return setSigning ( privateKey, HashAlgorithmTags.SHA1 );
}
 
Example #12
Source File: Encryptor.java    From desktopclient-java with GNU General Public License v3.0 4 votes vote down vote up
/**
 * Encrypt, sign and write input stream data to output stream.
 * Input and output stream are closed.
 */
private static void encryptAndSign(
        InputStream plainInput, OutputStream encryptedOutput,
        PersonalKey myKey, List<PGPUtils.PGPCoderKey> receiverKeys)
        throws IOException, PGPException {

    // setup data encryptor & generator
    BcPGPDataEncryptorBuilder encryptor = new BcPGPDataEncryptorBuilder(PGPEncryptedData.AES_192);
    encryptor.setWithIntegrityPacket(true);
    encryptor.setSecureRandom(new SecureRandom());

    // add public key recipients
    PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(encryptor);
    receiverKeys.forEach(key ->
        encGen.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(key.encryptKey)));

    OutputStream encryptedOut = encGen.open(encryptedOutput, new byte[BUFFER_SIZE]);

    // setup compressed data generator
    PGPCompressedDataGenerator compGen = new PGPCompressedDataGenerator(PGPCompressedData.ZIP);
    OutputStream compressedOut = compGen.open(encryptedOut, new byte[BUFFER_SIZE]);

    // setup signature generator
    int algo = myKey.getSigningAlgorithm();
    PGPSignatureGenerator sigGen = new PGPSignatureGenerator(
            new BcPGPContentSignerBuilder(algo, HashAlgorithmTags.SHA256));
    sigGen.init(PGPSignature.BINARY_DOCUMENT, myKey.getPrivateSigningKey());

    PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
    spGen.setSignerUserID(false, myKey.getUserId());
    sigGen.setUnhashedSubpackets(spGen.generate());

    sigGen.generateOnePassVersion(false).encode(compressedOut);

    // Initialize literal data generator
    PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator();
    OutputStream literalOut = literalGen.open(
        compressedOut,
        PGPLiteralData.BINARY,
        "",
        new Date(),
        new byte[BUFFER_SIZE]);

    // read the "in" stream, compress, encrypt and write to the "out" stream
    // this must be done if clear data is bigger than the buffer size
    // but there are other ways to optimize...
    byte[] buf = new byte[BUFFER_SIZE];
    int len;
    while ((len = plainInput.read(buf)) > 0) {
        literalOut.write(buf, 0, len);
        sigGen.update(buf, 0, len);
    }

    literalGen.close();

    // generate the signature, compress, encrypt and write to the "out" stream
    sigGen.generate().encode(compressedOut);
    compGen.close();
    encGen.close();
}